SA Tourism bombarded hundreds of inboxes with unsolicited e-mails last week, due to a glitch reportedly caused by a virus outbreak.
Information Security Group of Africa chairman, Craig Rosewarne, speculates the problem could have stemmed from a continuous loop on SA Tourism's Microsoft Exchange Server, resulting in thousands of copies of a single e-mail being distributed.
Rosewarne explains: “Roughly 900 copies of the same e-mail were sent out. Subsequently, we communicated with the relevant Internet service provider, Internet Solutions, after people received hundreds of copies of the same e-mail.”
However, SA Tourism claims it was a virus outbreak, which did not originate from SA Tourism's server.
According to the company, a mass e-mail was sent out to external users and certain users' machines had been previously infected by a virus. The infected machines immediately replicated the e-mail thousands of times and distributed it to the recipient list.
Rosewarne says certain steps should have been carried out to prevent this from happening. “SA Tourism should have had an incident response plan in place in order to deal with the issue properly. They should have implemented a proper communication plan - a lot of their stakeholders have been left in the lurch and SA Tourism should have been much more forthcoming in apologising to them.
Rosewarne adds that with a few months to go until the 2010 Fifa World Cup, when SA Tourism will be promoting itself the most, this couldn't have happened at a worse time. “It is evident that many companies are not equipped to deal with a problem like this.”
The original e-mail refers to a survey on SA Tourism's Association Day conference at Meetings Africa 2010, with a link that directs the user to the Web site requesting them to complete a questionnaire form online.
Cyber road rage
Rosewarne notes the incident also demonstrated 'cyber road rage', as angry recipients threatened to block SA Tourism's system by resending the e-mails to the company.
Gary Els, senior project manager of Rand Water's engineering division, was one of the recipients of the e-mail. He says after receiving the first batch of e-mails, he called SA Tourism complaining about the lack of response and to urgently resolve the matter.
In frustration, Els and five other recipients resent the e-mail to SA Tourism. “In doing so, however, my e-mail was connected to the offending e-mail, and my mail was duplicated, as well as five others, and two or three automatically-generated reply systems. Thus, we had approximately eight continuous mails pouring into inboxes.”
Els says the problem seemed to be solved after its Internet service provider stopped all of the incoming and outgoing e-mail. He adds, however, that after the long weekend e-mails were still coming through, although not to the same extent. This in addition to return system 'failure of delivery' messages, of his continuous e-mail not being delivered.
SA Tourism maintains that once it became aware of the problem, it carried out necessary steps to block the e-mails coming in through the firewall. At the time of publication, SA Tourism said it is running a full investigation into the matter.
Share